ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 188 discussion

Actual exam question from Microsoft's MS-102
Question #: 188
Topic #: 1
[All MS-102 Questions]

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.



At 08:00, you create an incident notification rule that has the following configurations:

• Name: Notification1
• Notification settings
• Notify on alert severity: Low
• Device group scope: All (3)
• Details: First notification per incident
• Recipients: [email protected], [email protected]

At 08:02, you create an incident notification rule that has the following configurations:

• Name: Notification2
• Notification settings
• Notify on alert severity: Low, Medium
• Device group scope: DeviceGroup1, DeviceGroup2
• Recipients: [email protected]

In Microsoft 365 Defender, alerts are logged as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by vercracked_007 at Sept. 13, 2023, 7:08 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ninjanaja
Highly Voted 1 year, 11 months ago
My answer: YNN
upvoted 23 times
...
AleFCI1908
Highly Voted 10 months, 1 week ago
NNN 1 only one mail send for a activity 2 8.07 same activity, the mail was prevously send 3 8.20 high risk level, not in the policy
upvoted 12 times
...
IgoKostadin
Most Recent 2 months, 3 weeks ago
Yes. Yes No
upvoted 2 times
...
ca7859c
4 months ago
NNN User1 received an alert at 8:05 (receives only 1 alert for Activity and won't receive the repeat at 8:07(both are activity 1)) User2 received an alert at 8:05 (with user1 since they are both in policy1, which receives only 1 alert for Activity and won't receive the repeat at 8:07 (both are activity 1)) User1 won't receive an alert, as policy1 is low & policy2 is medium & low, while the alert is High
upvoted 2 times
...
Tr619899
10 months, 3 weeks ago
Statements: 1. [email protected] will receive two incident notification emails for the alert at 8:05 - NO Notification1 is configured to send the first notification per incident. Since this is the first notification for Activity1, User1 will receive one email for the alert at 08:05. They will not receive a second email for the same alert. 2. [email protected] will receive an incident notification email for the alert at 8:07 - NO Since Notification1 is set to send only the first notification per incident, and Activity1 already triggered a notification at 08:05, User2 will not receive an additional notification for the alert at 08:07. 3. [email protected] will receive an incident notification email for the alert at 8:20 - NO Notification1 applies only to Low severity alerts, and Notification2 applies only to Low and Medium severity alerts. The alert at 08:20 has a high severity, so User1 will not receive a notification for this alert.
upvoted 11 times
...
APK1
12 months ago
NNN is the currect answer 1. User1 will not receive 2 alerts within one minute 2. User2 already got alert at 8:05 (again within one minute user2 will not get at 8:07) 3. High alert is not configured
upvoted 2 times
...
Khanbaba43
12 months ago
N, N, N One alert not 2. Already got an alert at 805 Alert high so won't get it.
upvoted 1 times
...
BurtSmart
1 year, 2 months ago
Note the words here, chose to be notified on first ocurrence of incident. https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/get-email-notifications-on-new-incidents-from-microsoft-365/ba-p/2012518#:~:text=You%20can%20also%20choose%20to,name%2C%20severity%2C%20and%20category.&text=Once%20you%20get%20the%20notification,start%20your%20investigation%20right%20away.
upvoted 1 times
...
spatrick
1 year, 2 months ago
Box 1: No - Notification it has: First notification per incident Only notify on first occurrence per incident - Select if you want a notification only on the first alert that matches your other selections. Later updates or alerts related to the incident won't send additional notifications. Box 2: Yes - Box 3: No - Severity of the 8:20 incident is high, so neither of the notification rules will trigger. Note: Alert severity - Choose the alert severities that will trigger an incident notification. For example, if you only want to be informed about high-severity incidents, select High. Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview
upvoted 2 times
...
AdamRachel
1 year, 3 months ago
I say the answer is correct. No: The device will receive only one incident alert at 8:05 as notification1 is set: first alert per incidents. Yes: device is in scope to receive alert for this incident. No: Alert is severity High
upvoted 1 times
...
Tomtom11
1 year, 3 months ago
https://learn.microsoft.com/en-us/defender-xdr/configure-email-notifications
upvoted 1 times
...
benpatto
1 year, 8 months ago
https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/# Go to bac0n answer (roller coaster) which perfectly describes this. N/N/N
upvoted 7 times
OwerGame
1 year, 4 months ago
bac0n 1 year, 3 months ago Was able to get a test VM set up on my homelab and onboard it to Defender for Endpoint using script; set up two device groups and added the same machine to each and just made them check for All (I didn't want to do anything unsafe). Downloaded test EICAR_TEST_FILE virus (look it up, it's safe) and I got ONE notification, NOT TWO, for the alert. NNN.
upvoted 5 times
...
...
jt2214
1 year, 10 months ago
I'm going to agree with Paul_white based on the link he provided. N/N/N https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/#
upvoted 2 times
...
Paul_white
1 year, 10 months ago
Correct answer is NO, NO, NO https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/#
upvoted 3 times
Milad666
1 year, 10 months ago
Correct Answer is : Y N N Y, N, N User1 will receive two incident notifications from "notification1" and "notification2" User2 already received incident notification on device1 from the incident at 8:05 User1 will not receive at 8:20 as the severity is high and doesn'y apply
upvoted 8 times
...
Nail
1 year, 9 months ago
N,N,N makes sense. #1 rule: thou shalt never make Microsoft look bad. It would make MS look bad if a user received two alerts when they only need to get one. They are showing you the awesomeness of MS that they will not send you more alerts than are necessary. MS products are way too awesome for that!
upvoted 4 times
...
...
vercracked_007
1 year, 11 months ago
Should this not be YYN two different notification rules
upvoted 12 times
OHMSS
7 months ago
User2 already got a notification from 8:05 so answer is NO
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel